Abstract
This document supports the EU directive for electronic signatures. It specifies security requirements for Signature Creation Applications that create Advanced Electronic Signatures with the help of a Secure Signature Creation Device and Signer's Signature Creation Data using Qualified Certificates, by means of the following:
· providing a model of the Signature Creation Environment and a functional model of Signature Creation Applications;
· specifying overall requirements that apply across all of the functions identified in the functional model;
· specifying Security Requirements for each of the functions identified in the Signature Creation Application excluding the Secure Signature Creation Device.
A Signature Creation Application is intended to deliver a Qualified Electronic Signature associated with a Signer's Document as a Signed Data Object to the user or some other application process in a form specified by the user.
A further goal is to provide a specification so that applying an electronic signature is as easy and error-free as applying a handwritten signature. It should be possible for all people, including people with special needs, to create an electronic signature. Achieving these goals will contribute to consumer confidence and trust in electronic signatures.
This specification is intended to be independent of particular technologies and realisations that might be employed in products. The following aspects are considered to be out of scope:
· generation and distribution of Signature Creation Data (keys etc.), and the selection and use of cryptographic algorithms;
· the legal interpretations of any form of signatures (e.g. the implications of countersignatures, multiply signed documents and signatures covering complex information structures containing other signatures).
This standard specifies security requirements that are intended to be followed by implementors of SCAs.